A new attack chain messes with Kubernetes DNS resolution and ArgoCD’s certificate injection to swipe GitHub credentials. With the right permissions, a user inside the cluster can reroute GitOps traffic to a fake internal service, sniff auth headers, and quietly walk off with tokens.
What’s broken: GitOps pipelines are trusting internal DNS and certs way too much. That blind trust? It’s leaving CI/CD creds wide open.
